Bug 1359914: Add ssp-buffer-size compiler flag
Status: Closed (RESOLVED INVALID)
Opened 8 years ago
Closed 8 years ago
Categories: Core :: Security, enhancement
People: Reporter: tjr, Unassigned
References: Blocks 1 open bug
Details: Keywords: sec-want, Whiteboard: [sg:want]
This bug was created as a clone of Bug 620058 which contains more context.
Comment 1 • 8 years ago
I don't think this is necessary. My understanding is that |ssp-buffer-size| was used to control the heuristic |-fstack-protector| used to decide which stack-allocated buffers needed protection. I think with |-fstack-protector-strong| this doesn't do anything. Have I misunderstood?
Flags: needinfo?(tom)
Comment 2 • 8 years ago (Reporter)
I didn't know, but Google led me to https://lwn.net/Articles/584225/ which agrees with you.
-fstack-protector protects functions with a local array of 8 bytes or more. ssp-buffer-size can be used to lower that (e.g. to 4).
-fstack-protector-strong protects functions with any size local array, or a few other conditions.
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(tom)
Resolution: --- → INVALID
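The thresholds described in Comment 2 can be checked against a local compiler. This is an added example, not part of the bug thread or of Mozilla's build configuration; `canary_for`, `report`, `f` and `sink` are hypothetical names, the C source is constructed, and it assumes a GCC- or Clang-compatible `cc` that reports canary failures through `__stack_chk_fail`.

```shell
#!/bin/sh
# Added example: which functions get a stack canary under each flag set.
# canary_for, report, f and sink are hypothetical names; the C source is constructed.
CC=${CC:-cc}

# canary_for SIZE FLAGS...
# Compiles a function holding a local char array of SIZE bytes and prints
# "yes" if the assembly references __stack_chk_fail (a canary check was
# emitted), otherwise "no". The array is passed to an external function so
# the optimizer cannot remove it from the stack frame.
canary_for() {
    size=$1
    shift
    if printf 'void sink(char *);\nvoid f(void) { char buf[%s]; sink(buf); }\n' "$size" |
        "$CC" -O2 -S -x c "$@" -o - - 2>/dev/null |
        grep 'stack_chk_fail' >/dev/null
    then
        echo yes
    else
        echo no
    fi
}

# report: print the result for a 4-byte and an 8-byte buffer under each setting.
report() {
    if ! command -v "$CC" >/dev/null 2>&1; then
        echo "skipped: no C compiler found as '$CC'" >&2
        return 0
    fi
    for n in 4 8; do
        echo "char[$n] -fstack-protector                   : $(canary_for "$n" -fstack-protector)"
        echo "char[$n] -fstack-protector ssp-buffer-size=4 : $(canary_for "$n" -fstack-protector --param ssp-buffer-size=4)"
        echo "char[$n] -fstack-protector-strong            : $(canary_for "$n" -fstack-protector-strong)"
    done
}

report
```

Set `CC` to compare compilers, for example `CC=clang`.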
Comment 3 • 8 years ago (Reporter)
I guess what we could do, though, is try and make a case for turning on fstack-protector with a tuned ssp-buffer-size on release builds, and basically tuning the buffer-size so the performance is acceptable enough to land the change....
But this amount of effort for just Linux (and even Mac) for the limited security provided might not be worth it.
Updated • 8 years ago
status-firefox57: affected → ---